<!doctype html><html lang="en"><head>
    <meta charset="utf-8">
    <title>Another Ransomware For Linux Likely In Development</title>
    <link rel="shortcut icon" href="https://www.uptycs.com/hubfs/slack-emoji.png">
    <meta name="description" content="New discovery by the Uptycs Threat Research Team of Executable and Linkable Format (ELF) ransomware by ransomware group DarkAngels. ">
    
    
    <script src="/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js"></script>
<script src="/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/jquery-migrate-1.2.1.js"></script>
<script>hsjQuery = window['jQuery'];</script>
    <meta property="og:description" content="New discovery by the Uptycs Threat Research Team of Executable and Linkable Format (ELF) ransomware by ransomware group DarkAngels. ">
    <meta property="og:title" content="Another Ransomware For Linux Likely In Development">
    <meta name="twitter:description" content="New discovery by the Uptycs Threat Research Team of Executable and Linkable Format (ELF) ransomware by ransomware group DarkAngels. ">
    <meta name="twitter:title" content="Another Ransomware For Linux Likely In Development">

    

    
    <style>
a.cta_button{-moz-box-sizing:content-box !important;-webkit-box-sizing:content-box !important;box-sizing:content-box !important;vertical-align:middle}.hs-breadcrumb-menu{list-style-type:none;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px}.hs-breadcrumb-menu-item{float:left;padding:10px 0px 10px 10px}.hs-breadcrumb-menu-divider:before{content:'›';padding-left:10px}.hs-featured-image-link{border:0}.hs-featured-image{float:right;margin:0 0 20px 20px;max-width:50%}@media (max-width: 568px){.hs-featured-image{float:none;margin:0;width:100%;max-width:100%}}.hs-screen-reader-text{clip:rect(1px, 1px, 1px, 1px);height:1px;overflow:hidden;position:absolute !important;width:1px}
</style>

<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/51822599820/1632234478733/uptycs-srw/css/styles.min.css">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/1631654399582/module_51822599800_u4m-header.css">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/51823447372/1631554158899/module_51823447372_u4m-blog-post-cards.min.css">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/51822599816/1632234480422/module_51822599816_u4m-subscribe.min.css">
<link rel="stylesheet" href="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/51823447380/1632234478743/module_51823447380_u4m-footer.min.css">
    

    

<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-P663XDQ');</script>

<!-- End Google Tag Manager -->

<link rel="amphtml" href="https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development?hs_amp=true">

<meta property="og:image" content="https://lh3.googleusercontent.com/T7wP74BJ4WlidkP2tY9aV2xH-Z7lfAqlGgJlTOJOQ3QafK0m58dVb15z-j4nOitTV29eWeYw-A1esKLx98bTqsgI_wIyYDvDHgVy4s8dww0DZMuYjIhQQjWQn3WK63XIXvxdo-nR4wrIRUOOrIjWnW0#keepProtocol">
<meta property="og:image:width" content="1600">
<meta property="og:image:height" content="762">

<meta name="twitter:image" content="https://lh3.googleusercontent.com/T7wP74BJ4WlidkP2tY9aV2xH-Z7lfAqlGgJlTOJOQ3QafK0m58dVb15z-j4nOitTV29eWeYw-A1esKLx98bTqsgI_wIyYDvDHgVy4s8dww0DZMuYjIhQQjWQn3WK63XIXvxdo-nR4wrIRUOOrIjWnW0#keepProtocol">


<meta property="og:url" content="https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development">
<meta name="twitter:card" content="summary_large_image">

<link rel="canonical" href="https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development">
<script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-5abce1b92ae0c302"></script>
<meta property="og:type" content="article">
<link rel="alternate" type="application/rss+xml" href="https://www.uptycs.com/blog/rss.xml">
<meta name="twitter:domain" content="www.uptycs.com">
<meta name="twitter:site" content="@uptycs">

<meta http-equiv="content-language" content="en">






    
<meta name="generator" content="HubSpot"></head>
<body class="  hs-content-id-83665485132 hs-blog-post hs-blog-id-5593128451 ">
    
    
        <div id="hs_cos_wrapper_u4m-header" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module">

<header class="u4m-header">
  <a class="skip-to-content-link" href="#main-content">Skip to content</a>
  <div class="ie11-banner"><div class="ie11-banner-inner"></div></div>
  <div class="inner">
    <div class="logo">
      <a href="/">
        <img loading="lazy" src="https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=360&amp;name=Uptycs%20Logo%20Navigation.png" width="360" alt="Uptycs Logo Navigation" srcset="https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=180&amp;name=Uptycs%20Logo%20Navigation.png 180w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=360&amp;name=Uptycs%20Logo%20Navigation.png 360w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=540&amp;name=Uptycs%20Logo%20Navigation.png 540w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=720&amp;name=Uptycs%20Logo%20Navigation.png 720w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=900&amp;name=Uptycs%20Logo%20Navigation.png 900w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=1080&amp;name=Uptycs%20Logo%20Navigation.png 1080w" sizes="(max-width: 360px) 100vw, 360px">
      </a>
    </div>
    <div class="menu"><span id="hs_cos_wrapper_u4m-header_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_u4m-header_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="default" data-menu-id="51884278609" aria-label="Navigation Menu">
 <ul role="menu" class="active-branch">
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem"><span class="mega">Products</span></a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="https://www.uptycs.com/cloud-security-solutions" role="menuitem">Platform</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/cloud-security-solutions" role="menuitem">The Uptycs Security Analytics Platform</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/cloud-security-solutions#telemetry" role="menuitem">The Power of Structured Telemetry</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/cloud-security-solutions#cloud-security" role="menuitem">Cloud-Native Security Analytics</a></li>
     </ul></li>
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="javascript:;" role="menuitem">Attack Surfaces</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/endpoint-security-service" role="menuitem">Endpoints &amp; Server Security</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/container-security-solutions" role="menuitem">Containers &amp; Kubernetes</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/cloud-security-services" role="menuitem">Cloud Security</a></li>
     </ul></li>
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="javascript:;" role="menuitem">Open Source</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/open-source-cloud-security-solutions" role="menuitem">Cloudquery</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/kubernetes-security-tools" role="menuitem">Kubequery</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/open-source-security-tools" role="menuitem">Osquery</a></li>
     </ul></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem"><span class="mega">Solutions</span></a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="javascript:;" role="menuitem">Category</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/security-and-monitoring-for-cloud-workloads" role="menuitem">Cloud Workload Protection Platform (CWPP)</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/cloud-security-posture-management" role="menuitem">Cloud Security Posture Management (CSPM)</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/endpoint-detection-and-response" role="menuitem">eXtended Detection and Response (XDR)</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/it-asset-inventory" role="menuitem">Insight &amp; Inventory</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/it-security-compliance" role="menuitem">Audit, Compliance &amp; Governance</a></li>
     </ul></li>
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="javascript:;" role="menuitem">Audit &amp; Compliance Frameworks</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/fedramp-compliance" role="menuitem">FedRAMP</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/soc-type-2-compliance" role="menuitem">SOC-2</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/cis-compliance" role="menuitem">CIS</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/pci-compliance" role="menuitem">PCI</a></li>
     </ul></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children active-branch" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem"><span class="mega">Resources</span></a>
   <ul role="menu" class="hs-menu-children-wrapper active-branch">
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="https://www.uptycs.com/resources" role="menuitem">Resources by Topic</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#all" role="menuitem">All Resources</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#cloud-security" role="menuitem">Cloud Security</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#containers-and-kubernetes" role="menuitem">Containers &amp; Kubernetes</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#endpoint-security" role="menuitem">Endpoint Security</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#threat-research" role="menuitem">Threat Research</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/free-log4j-vulnerability-assessment-tool#free-log4j-vulnerability-assessment-tool" role="menuitem" target="_blank" rel="noopener"><strong><font color="#8E24AA">Log4j Free Vulnerability Assessment</font></strong></a></li>
     </ul></li>
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children active-branch" role="none"><a href="javascript:;" role="menuitem">Additional Resources</a>
     <ul role="menu" class="hs-menu-children-wrapper active-branch">
      <li class="hs-menu-item hs-menu-depth-3 active active-branch" role="none"><a href="https://www.uptycs.com/blog" role="menuitem">Blog</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/upcoming-events" role="menuitem">Events</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/free-osquery-training-intro-to-osquery" role="menuitem">Osquery Tutorial</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/tools-and-integrations" role="menuitem">Tools and Integrations</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/uptycs-live-monthly-webinar-series" role="menuitem">Uptycs Live Series</a></li>
     </ul></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Company</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/about-us" role="menuitem">About Us</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/leadership" role="menuitem">Leadership</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/careers" role="menuitem">Careers</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/press-coverage" role="menuitem">Press &amp; News</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/contact-us" role="menuitem">Contact Us</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/security" role="menuitem">Security</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/privacy" role="menuitem">Privacy</a></li>
   </ul></li>
 </ul>
</div></span></div>
    <div class="search-toggle"><i class="fas fa-search search-toggle-button" aria-hidden="true"></i></div>
    <div class="cta"><span id="hs_cos_wrapper_u4m-header_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_cta" style="" data-hs-cos-general-type="widget" data-hs-cos-type="cta"><!--HubSpot Call-to-Action Code --><span class="hs-cta-wrapper" id="hs-cta-wrapper-a7d11793-e0ce-4560-92cb-25a82ef6370a"><span class="hs-cta-node hs-cta-a7d11793-e0ce-4560-92cb-25a82ef6370a" id="hs-cta-a7d11793-e0ce-4560-92cb-25a82ef6370a"><!--[if lte IE 8]><div id="hs-cta-ie-element"></div><![endif]--><a href="https://cta-redirect.hubspot.com/cta/redirect/2617658/a7d11793-e0ce-4560-92cb-25a82ef6370a"><img class="hs-cta-img" id="hs-cta-img-a7d11793-e0ce-4560-92cb-25a82ef6370a" style="border-width:0px;" src="https://no-cache.hubspot.com/cta/default/2617658/a7d11793-e0ce-4560-92cb-25a82ef6370a.png" alt="Try it Free"></a></span><script charset="utf-8" src="/hs/cta/cta/current.js"></script><script type="text/javascript"> hbspt.cta._relativeUrls=true;hbspt.cta.load(2617658, 'a7d11793-e0ce-4560-92cb-25a82ef6370a', {"useNewLoader":"true","region":"na1"}); </script></span><!-- end HubSpot Call-to-Action Code --></span> <span id="hs_cos_wrapper_u4m-header_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_cta" style="" data-hs-cos-general-type="widget" data-hs-cos-type="cta"><!--HubSpot Call-to-Action Code --><span class="hs-cta-wrapper" id="hs-cta-wrapper-4064fb31-4428-48ee-81ea-f67fbaf14ee6"><span class="hs-cta-node hs-cta-4064fb31-4428-48ee-81ea-f67fbaf14ee6" id="hs-cta-4064fb31-4428-48ee-81ea-f67fbaf14ee6"><!--[if lte IE 8]><div id="hs-cta-ie-element"></div><![endif]--><a href="https://cta-redirect.hubspot.com/cta/redirect/2617658/4064fb31-4428-48ee-81ea-f67fbaf14ee6"><img class="hs-cta-img" id="hs-cta-img-4064fb31-4428-48ee-81ea-f67fbaf14ee6" style="border-width:0px;" src="https://no-cache.hubspot.com/cta/default/2617658/4064fb31-4428-48ee-81ea-f67fbaf14ee6.png" alt="Request Your Demo"></a></span><script charset="utf-8" src="/hs/cta/cta/current.js"></script><script type="text/javascript"> hbspt.cta._relativeUrls=true;hbspt.cta.load(2617658, '4064fb31-4428-48ee-81ea-f67fbaf14ee6', {"useNewLoader":"true","region":"na1"}); </script></span><!-- end HubSpot Call-to-Action Code --></span></div>
    <button class="hamburger-toggle x2"><span class="lines"></span></button>
    <div class="offscreen-menu">
      <div class="content">
        <div class="mobile-search">
            <div class="hs-search-field"> 
              <div class="hs-search-field__bar"> 
                <form action="/hs-search-results">
                  <input type="text" class="hs-search-field__input search-input" name="term" autocomplete="off" aria-label="Search" placeholder="Search">
                  
                  <input type="hidden" name="type" value="SITE_PAGE">
                  <input type="hidden" name="type" value="LANDING_PAGE">
                  <input type="hidden" name="type" value="BLOG_POST">
                  <input type="hidden" name="type" value="LISTING_PAGE">
                  <input type="hidden" name="type" value="KNOWLEDGE_ARTICLE">     

                  
                      

                  
                  

                  
                  <button aria-label="Search" class="search-button"><i class="fas fa-search" aria-hidden="true"></i></button>
                </form>
              </div>
              <ul class="hs-search-field__suggestions"></ul>
            </div>
        </div>   
              
        <div class="mobile-menu"><span id="hs_cos_wrapper_u4m-header_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_u4m-header_" class="hs-menu-wrapper active-branch no-flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="default" data-menu-id="51884278609" aria-label="Navigation Menu">
 <ul role="menu" class="active-branch">
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem"><span class="mega">Products</span></a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="https://www.uptycs.com/cloud-security-solutions" role="menuitem">Platform</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/cloud-security-solutions" role="menuitem">The Uptycs Security Analytics Platform</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/cloud-security-solutions#telemetry" role="menuitem">The Power of Structured Telemetry</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/cloud-security-solutions#cloud-security" role="menuitem">Cloud-Native Security Analytics</a></li>
     </ul></li>
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="javascript:;" role="menuitem">Attack Surfaces</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/endpoint-security-service" role="menuitem">Endpoints &amp; Server Security</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/container-security-solutions" role="menuitem">Containers &amp; Kubernetes</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/cloud-security-services" role="menuitem">Cloud Security</a></li>
     </ul></li>
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="javascript:;" role="menuitem">Open Source</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/open-source-cloud-security-solutions" role="menuitem">Cloudquery</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/kubernetes-security-tools" role="menuitem">Kubequery</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/product/open-source-security-tools" role="menuitem">Osquery</a></li>
     </ul></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem"><span class="mega">Solutions</span></a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="javascript:;" role="menuitem">Category</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/security-and-monitoring-for-cloud-workloads" role="menuitem">Cloud Workload Protection Platform (CWPP)</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/cloud-security-posture-management" role="menuitem">Cloud Security Posture Management (CSPM)</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/endpoint-detection-and-response" role="menuitem">eXtended Detection and Response (XDR)</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/it-asset-inventory" role="menuitem">Insight &amp; Inventory</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/it-security-compliance" role="menuitem">Audit, Compliance &amp; Governance</a></li>
     </ul></li>
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="javascript:;" role="menuitem">Audit &amp; Compliance Frameworks</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/fedramp-compliance" role="menuitem">FedRAMP</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/soc-type-2-compliance" role="menuitem">SOC-2</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/cis-compliance" role="menuitem">CIS</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/solutions/pci-compliance" role="menuitem">PCI</a></li>
     </ul></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children active-branch" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem"><span class="mega">Resources</span></a>
   <ul role="menu" class="hs-menu-children-wrapper active-branch">
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children" role="none"><a href="https://www.uptycs.com/resources" role="menuitem">Resources by Topic</a>
     <ul role="menu" class="hs-menu-children-wrapper">
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#all" role="menuitem">All Resources</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#cloud-security" role="menuitem">Cloud Security</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#containers-and-kubernetes" role="menuitem">Containers &amp; Kubernetes</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#endpoint-security" role="menuitem">Endpoint Security</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/resources#threat-research" role="menuitem">Threat Research</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/free-log4j-vulnerability-assessment-tool#free-log4j-vulnerability-assessment-tool" role="menuitem" target="_blank" rel="noopener"><strong><font color="#8E24AA">Log4j Free Vulnerability Assessment</font></strong></a></li>
     </ul></li>
    <li class="hs-menu-item hs-menu-depth-2 hs-item-has-children active-branch" role="none"><a href="javascript:;" role="menuitem">Additional Resources</a>
     <ul role="menu" class="hs-menu-children-wrapper active-branch">
      <li class="hs-menu-item hs-menu-depth-3 active active-branch" role="none"><a href="https://www.uptycs.com/blog" role="menuitem">Blog</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/upcoming-events" role="menuitem">Events</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/free-osquery-training-intro-to-osquery" role="menuitem">Osquery Tutorial</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/tools-and-integrations" role="menuitem">Tools and Integrations</a></li>
      <li class="hs-menu-item hs-menu-depth-3" role="none"><a href="https://www.uptycs.com/uptycs-live-monthly-webinar-series" role="menuitem">Uptycs Live Series</a></li>
     </ul></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Company</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/about-us" role="menuitem">About Us</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/leadership" role="menuitem">Leadership</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/careers" role="menuitem">Careers</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/press-coverage" role="menuitem">Press &amp; News</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/contact-us" role="menuitem">Contact Us</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/security" role="menuitem">Security</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/privacy" role="menuitem">Privacy</a></li>
   </ul></li>
 </ul>
</div></span></div>
        <div class="mobile-cta"><span id="hs_cos_wrapper_u4m-header_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_cta" style="" data-hs-cos-general-type="widget" data-hs-cos-type="cta"><!--HubSpot Call-to-Action Code --><span class="hs-cta-wrapper" id="hs-cta-wrapper-4064fb31-4428-48ee-81ea-f67fbaf14ee6"><span class="hs-cta-node hs-cta-4064fb31-4428-48ee-81ea-f67fbaf14ee6" id="hs-cta-4064fb31-4428-48ee-81ea-f67fbaf14ee6"><!--[if lte IE 8]><div id="hs-cta-ie-element"></div><![endif]--><a href="https://cta-redirect.hubspot.com/cta/redirect/2617658/4064fb31-4428-48ee-81ea-f67fbaf14ee6"><img class="hs-cta-img" id="hs-cta-img-4064fb31-4428-48ee-81ea-f67fbaf14ee6" style="border-width:0px;" src="https://no-cache.hubspot.com/cta/default/2617658/4064fb31-4428-48ee-81ea-f67fbaf14ee6.png" alt="Request Your Demo"></a></span><script charset="utf-8" src="/hs/cta/cta/current.js"></script><script type="text/javascript"> hbspt.cta._relativeUrls=true;hbspt.cta.load(2617658, '4064fb31-4428-48ee-81ea-f67fbaf14ee6', {"useNewLoader":"true","region":"na1"}); </script></span><!-- end HubSpot Call-to-Action Code --></span></div>
      </div>
    </div>  
  </div>
  <div class="search-overlay">
    <div class="hs-search-field"> 
      <div class="hs-search-field__bar"> 
        <form action="/hs-search-results">
          <input type="text" class="hs-search-field__input search-input" name="term" autocomplete="off" aria-label="Search" placeholder="Search">
          
          
          <input type="hidden" name="type" value="SITE_PAGE">
          <input type="hidden" name="type" value="LANDING_PAGE">
          <input type="hidden" name="type" value="BLOG_POST">
          <input type="hidden" name="type" value="LISTING_PAGE">
          <input type="hidden" name="type" value="KNOWLEDGE_ARTICLE">     
          
          
              
          
          
          
          
          <button aria-label="Search" class="search-button"><i class="fas fa-search" aria-hidden="true"></i></button>          
          <span class="search-overlay-close" aria-label="Close"><i class="fas fa-times" aria-hidden="true"></i></span>
        </form>
      </div>
      <ul class="hs-search-field__suggestions"></ul>
    </div>
  </div>

      
</header></div>
    

    
<main id="main-content" class="body-container-wrapper">

  
  <section class="u4m-blog-post">
    <!-- Blog Post Hero -->
    <div class="hero">
      <div class="share" id="share">
        <a href="https://twitter.com/intent/tweet?original_referer=https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development&amp;url=https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development&amp;source=tweetbutton" target="_blank" aria-label="Twitter"><span class="fab fa-twitter" aria-hidden="true"></span></a>
        <a href="http://www.linkedin.com/shareArticle?mini=true&amp;url=https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development" target="_blank" aria-label="LinkedIn"><span class="fab fa-linkedin" aria-hidden="true"></span></a>
        <a href="http://www.facebook.com/share.php?u=https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development" target="_blank" aria-label="Facebook"><span class="fab fa-facebook" aria-hidden="true"></span></a>
        <a href="mailto:?subject=Check%20out%20https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development" aria-label="email"><span class="fa fa-envelope" aria-hidden="true"></span></a>
      </div>
      <div class="content">
        <span class="date">September 1, 2022</span>
        <h1 class="title"><span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text">Another Ransomware For Linux Likely In Development</span></h1>
        <div class="author-wrap">
          <div class="avatar lazy" data-bg="https://f.hubspotusercontent00.net/hub/2617658/hubfs/Uptycs-Stacked-Logo-500x500-blog-author-pic.png?length=100&amp;name=Uptycs-Stacked-Logo-500x500-blog-author-pic.png"></div>
          <div class="author-link">Written by: <a href="https://www.uptycs.com/blog/author/uptycs-threat-research">Uptycs Threat Research</a></div>        
        </div>
      </div>
    </div>
    <!-- End Blog Post Hero -->
  
    <!-- Blog Post Body -->
    <div class="body" id="body">
      <div class="content"><span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text"><p style="font-size: 14px;"><em>Research by: Siddharth Sharma and Nischay Hegde</em></p>
<!--more-->
<p>The Uptycs Threat Research team recently observed an Executable and Linkable Format (<a href="https://en.wikipedia.org/wiki/Executable_and_Linkable_Format"><span>ELF</span></a>) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware README note (see Figure 1). The DarkAngels ransomware was first seen this year during the <a href="https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/"><span>month of May</span></a>, in which its variants targeted Windows systems. The ELF file we found itself is new, but the Onion link found in the ransomware binary appears to be down, indicating that this new Linux-targeted ransomware might still be under development.</p>
<p>&nbsp;</p>
<p><a href="https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure%201-1.png" rel="noopener" target="_blank"><img src="https://lh3.googleusercontent.com/T7wP74BJ4WlidkP2tY9aV2xH-Z7lfAqlGgJlTOJOQ3QafK0m58dVb15z-j4nOitTV29eWeYw-A1esKLx98bTqsgI_wIyYDvDHgVy4s8dww0DZMuYjIhQQjWQn3WK63XIXvxdo-nR4wrIRUOOrIjWnW0" width="1470" loading="lazy" style="margin-left: auto; margin-right: auto; display: block; width: 1470px;"></a><span style="font-size: 16px;"><em>Figure 1: DarkAngels ransomware README&nbsp;</em></span></p>
<p>&nbsp;</p>
<h2><span style="color: #363739;">Technical Overview</span></h2>
<p>The ransomware binary for the ELF version observed (hash: 3b56cea72e8140a7044336933cf382d98dd95c732e5937a0a61e0e7296762c7b) requires a folder as an argument for the encryption in the victim system. Once the folder path is given, it starts encrypting files present inside the folder. The extension used by the threat actor is <span style="color: #9900ff;">.crypted</span> (see Figure 2).&nbsp;</p>
<p><a href="https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure%202-1.png" rel="noopener" target="_blank"><img src="https://lh4.googleusercontent.com/8jI8vIALow6R1IOmUCwYeEGxASDt399VrAsDUO5Z4gfW8HBRt1ECxRRhghJJerfxtzklwqfazXorfFzWFve_BLzBynb9UrUnT6ZhmWLeByMqR3SnB3wsyFaIEZHi6HNDt2j9h5CeW-kS6B6HjWIsguM" width="2972" loading="lazy" style="width: 2972px;"></a><br><span style="font-weight: normal;"><em>Figure 2: DarkAngels ransomware in action</em></span></p>
<p>&nbsp;</p>
<p>The binary uses the <a href="https://man7.org/linux/man-pages/man3/pthread_create.3.html"><span>pthread_create</span></a> function for creating a new thread. The pthread_create() function starts a new thread in the calling process. The new thread starts execution by invoking start_routine()(FUN_0041cf55) (see Figure 3).</p>
<p>&nbsp;</p>
<p><a href="https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure%203.png" rel="noopener" target="_blank"><img src="https://lh5.googleusercontent.com/MIPTnHjemCMhiRdrW0GxB8t_rbnGri7NSbYyVb09lm_GcvL-oE4yv-OqBwyq2ZDXHKdXPsCQ_v9N3z5302ucgnyYpy8KcbT9AfwkkHb64EMEzaCAEfLBt7V3tkyjB-DUZhqaDYESa1q6yebkkaOj8Hc" width="1807" loading="lazy" style="width: 1807px;"></a><br><em><span style="font-size: 16px; font-weight: normal;">Figure 3: pthread usage inside the ransomware binary</span></em></p>
<p>&nbsp;</p>
<p>The start_routine()(FUN_0041cf55) (see Figure 4) function performs the following steps to encrypt target files:</p>
<ul>
<li aria-level="1">Opens the target file and sets the write lock on it using fcntl().</li>
<li aria-level="1">Closes the target file and then renames it to &lt;target_file&gt;.crypted.</li>
<li aria-level="1">Opens another file by the name &lt;target_file&gt;.crypted.README_TO_RESTORE ,writes the README content into that and closes it.</li>
<li aria-level="1">Opens &lt;target_file&gt;.crypted and writes the encrypted content to it using combination of lseek and write call.</li>
<li aria-level="1">Also, a list of all the encrypted files gets stored in a file named wrkman.log.0.</li>
</ul>
<p>&nbsp;</p>
<p><a href="https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure%204.png" rel="noopener" target="_blank"><img src="https://lh4.googleusercontent.com/D8ztVwaWCNeHlb9qsEn0GKR9E1pnt4XPlEigojIV3Jj0NVD6lm36wcK0tYz4hi0PLltvY00E-sZcnO6X7b4lTwOMj45Z8ZGsdKgaRZPOcQ8YQ_2jV26be2wAGWSi_nQhIn41atZPZq_0ZUXVVdNPirI" width="1468" loading="lazy" style="width: 1468px;"></a><br><span style="font-weight: normal;"><em><span style="font-size: 16px;">Figure 4: Inside the start_routine</span></em></span></p>
<p>&nbsp;</p>
<p><!--HubSpot Call-to-Action Code --><span class="hs-cta-wrapper" id="hs-cta-wrapper-b3b9589f-8130-4e70-9727-616613ada681"><span class="hs-cta-node hs-cta-b3b9589f-8130-4e70-9727-616613ada681" id="hs-cta-b3b9589f-8130-4e70-9727-616613ada681"><!--[if lte IE 8]><div id="hs-cta-ie-element"></div><![endif]--><a href="https://cta-redirect.hubspot.com/cta/redirect/2617658/b3b9589f-8130-4e70-9727-616613ada681" target="_blank" rel="noopener"><img class="hs-cta-img" id="hs-cta-img-b3b9589f-8130-4e70-9727-616613ada681" style="border-width:0px;margin: 0 auto; display: block; margin-top: 20px; margin-bottom: 20px" src="https://no-cache.hubspot.com/cta/default/2617658/b3b9589f-8130-4e70-9727-616613ada681.png" alt="The 3rd annual osquery@scale Conference is back!  Sepember 14-15" align="middle"></a></span><script charset="utf-8" src="/hs/cta/cta/current.js"></script><script type="text/javascript"> hbspt.cta._relativeUrls=true;hbspt.cta.load(2617658, 'b3b9589f-8130-4e70-9727-616613ada681', {"useNewLoader":"true","region":"na1"}); </script></span><!-- end HubSpot Call-to-Action Code --></p>
<p>&nbsp;</p>
<h2><span style="color: #363739;">Uptycs EDR Detections</span></h2>
<p>The Uptycs EDR, armed with YARA process scanning, detects the Dark Angels ransomware with a threat score of 10/10 (see Figure 5).&nbsp;</p>
<p><span style="font-size: 9px;"><a href="https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Figure%205.png" rel="noopener" target="_blank"><img src="https://lh3.googleusercontent.com/3xsKvYeSH9SJlJSbxwn4SKPyiDSMXXsccgpT0dIPmQFuKA3J9EQBnmGK5IK7HS1FGmO1WZlI625Uyr33gwGTJ9mcQCYOQqZkQ2Ra3DeAFLSeVDbGCZ1Kfpk_SyWgTxEKdktfrNc4IF2OlL_GGv0dG3U" width="1689" loading="lazy" style="width: 1689px;"></a><br><em><span style="font-size: 16px;">Figure 5: Uptycs EDR detection for DarkAngels ransomware</span></em></span></p>
<p>&nbsp;</p>
<h2><span style="color: #363739;">Conclusion</span></h2>
<p>Ransomware families targeting Linux systems or going cross-platform to target multiple OSes is not new. In the past, the threat actors have expanded their ransomware campaigns across OS flavors in order to target more victims. The DarkAngels ransomware appears to still be in a development phase, with a clear goal to target Linux systems.&nbsp;</p>
<p>We may see some new features or advancements in this family of ransomware in the future. The Uptycs Threat Research team is continuously monitoring related malware campaigns to safeguard customers and inform the broader security community.&nbsp;</p>
<h2><span style="color: #363739;">IOCS</span></h2>
<p>3b56cea72e8140a7044336933cf382d98dd95c732e5937a0a61e0e7296762c7b</p>
<p>http[:]//qspjx67hi3heumrubqotn26cwimb6vjegiwgvrnpa6zefae2nqs6xqad[.]onion/page/6297aa368ec25</p>
<p>&nbsp;</p>
<h2 style="text-align: center;"><span>To learn more about the latest threat research conducted by the Uptycs Team, check out our most recent threat bulletin below.</span></h2>
<p><span><!--HubSpot Call-to-Action Code --><span class="hs-cta-wrapper" id="hs-cta-wrapper-6ce55455-9860-444c-92f8-1e1cba42654c"><span class="hs-cta-node hs-cta-6ce55455-9860-444c-92f8-1e1cba42654c" id="hs-cta-6ce55455-9860-444c-92f8-1e1cba42654c"><!--[if lte IE 8]><div id="hs-cta-ie-element"></div><![endif]--><a href="https://cta-redirect.hubspot.com/cta/redirect/2617658/6ce55455-9860-444c-92f8-1e1cba42654c"><img class="hs-cta-img" id="hs-cta-img-6ce55455-9860-444c-92f8-1e1cba42654c" style="border-width:0px;margin: 0 auto; display: block; margin-top: 20px; margin-bottom: 20px" height="300" width="700" src="https://no-cache.hubspot.com/cta/default/2617658/6ce55455-9860-444c-92f8-1e1cba42654c.png" alt="threat bulletin cta image" align="middle"></a></span><script charset="utf-8" src="/hs/cta/cta/current.js"></script><script type="text/javascript"> hbspt.cta._relativeUrls=true;hbspt.cta.load(2617658, '6ce55455-9860-444c-92f8-1e1cba42654c', {"useNewLoader":"true","region":"na1"}); </script></span><!-- end HubSpot Call-to-Action Code --></span></p></span></div>
      <div class="topics">
        <span class="label">Tag(s):</span> 
         
        <a class="link" href="https://www.uptycs.com/blog/tag/threat-hunting">Threat Hunting</a> 
        ,  
         
        <a class="link" href="https://www.uptycs.com/blog/tag/threat-intelligence">Threat Intelligence</a> 
        ,  
         
        <a class="link" href="https://www.uptycs.com/blog/tag/threat-research">Threat Research</a> 
        ,  
         
        <a class="link" href="https://www.uptycs.com/blog/tag/featured">Featured</a> 
         
        
      </div>
    </div>
    
    <!-- End Blog Post Body -->
  
    <!-- Blog Post Author -->
    <div class="author">
        <div class="meta">
          <div class="avatar lazy" data-bg="https://f.hubspotusercontent00.net/hub/2617658/hubfs/Uptycs-Stacked-Logo-500x500-blog-author-pic.png?length=100&amp;name=Uptycs-Stacked-Logo-500x500-blog-author-pic.png"></div>
        </div>
        <div class="bio">
          <h2 class="name"><a href="https://www.uptycs.com/blog/author/uptycs-threat-research">Uptycs Threat Research</a></h2>    
          <p>Research and updates from the Uptycs Threat Research team.</p>
          <div class="social">
            <span class="label">Connect with the author</span>
            
            
            
            <a class="website" href="https://uptycs.com?rel=author" target="_blank" aria-label="Website"><span class="fas fa-globe" aria-hidden="true"></span></a>
          </div>
  
      </div>
    </div>
    <!-- End Blog Post Author -->  
  
    
  
  </section>

  <div id="hs_cos_wrapper_u4m-blog-post-primary-tag" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"></div>
  <div id="hs_cos_wrapper_u4m-blog-post-cards" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module">
  
  
   
  
<section class="u4m-blog-post-cards u4m-blog-post-cards 
 non-sticky 
" style=" ">




<a class="anchor" id="u4m-blog-post-cards"></a>
  
    
      <h2 class="heading">Other posts you might be interested in</h2>
    
  
    <div class="wrapper">
  
      
      
        
        <span id="hs_cos_wrapper_u4m-blog-post-cards_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_related_blog_posts" style="" data-hs-cos-general-type="widget" data-hs-cos-type="related_blog_posts">
  
        <!--
  templateType: "page"
  isAvailableForNewContent: false
-->


<a class="blog-post-card" href="https://www.uptycs.com/blog/log4j-vulnerability-aftermath">
  <div class="featured-image lazy" data-bg="https://fs.hubspotusercontent00.net/hub/2617658/hubfs/shutterstock_672392776.png?length=360&amp;name=shutterstock_672392776.png">
  </div>
  <div class="content">
    <div class="topics">
    
      
        
        
          
          
      
        
        
          
          
            
              
                <span class="topic">Threat Hunting</span>
              
            
              
            
          
      
    
  </div>
  <div class="read-time">
    
    
    
      <i class="far fa-clock" aria-hidden="true"></i> 10 min read
        <span class="date"> | December 20, 2021</span>
    
  </div>
  <h2 class="title">Log4j Vulnerability Aftermath</h2>
  
  <span class="read-more">Read More</span>
  </div>

</a>
        

  
        <!--
  templateType: "page"
  isAvailableForNewContent: false
-->


<a class="blog-post-card" href="https://www.uptycs.com/blog/2022-mitre-attck-evaluations-spotlight-on-ransomware">
  <div class="featured-image lazy" data-bg="https://lh4.googleusercontent.com/ZmG1_9DmGgD6nMnPzVzMpYIwQKoYQ5n88TMJwUuo4_1JPUu6BUuTvjBj0pytO96CsDt-Dr8oaEJBZ-Y9UFpgqoxyAafjq2q7McFRvWKW5sBa7-Z8SRWKEuTCrNpMYh7YIV9Yf5Kj">
  </div>
  <div class="content">
    <div class="topics">
    
      
        
        
          
          
            
              
                <span class="topic">MITRE ATT&amp;CK</span>
              
            
          
      
    
  </div>
  <div class="read-time">
    
    
    
      <i class="far fa-clock" aria-hidden="true"></i> 7 min read
        <span class="date"> | March 31, 2022</span>
    
  </div>
  <h2 class="title">2022 MITRE ATT&amp;CK® Evaluations: Spotlight on Ransomware</h2>
  
  <span class="read-more">Read More</span>
  </div>

</a>
        

  
        <!--
  templateType: "page"
  isAvailableForNewContent: false
-->


<a class="blog-post-card" href="https://www.uptycs.com/blog/black-basta-ransomware-goes-cross-platform-now-targets-esxi-systems">
  <div class="featured-image lazy" data-bg="https://2617658.fs1.hubspotusercontent-na1.net/hub/2617658/hubfs/seshu%20blog%20post%201223.png?length=360&amp;name=seshu%20blog%20post%201223.png">
  </div>
  <div class="content">
    <div class="topics">
    
      
        
        
          
          
      
        
        
          
          
      
        
        
          
          
      
        
        
          
          
      
        
        
          
          
            
              
                <span class="topic">Threat Hunting</span>
              
            
              
            
              
            
              
            
              
            
          
      
    
  </div>
  <div class="read-time">
    
    
    
      <i class="far fa-clock" aria-hidden="true"></i> 5 min read
        <span class="date"> | June 7, 2022</span>
    
  </div>
  <h2 class="title">Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems</h2>
  
  <span class="read-more">Read More</span>
  </div>

</a>
        

</span>
      
  
      
      
  
      
           
    </div>  
  </section></div>
  <div id="hs_cos_wrapper_u4m-subscribe" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module">
  
  
   
  
<section class="u4m-subscribe u4m-subscribe 
 non-sticky 
" style=" ">




<a class="anchor" id="u4m-subscribe"></a>
  
  <div class="inner">
    <div class="left">
      <h2>Subscribe to email updates</h2>
    </div>
    <div class="right">
      <span id="hs_cos_wrapper_u4m-subscribe_blog_subscribe" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_blog_subscribe" style="" data-hs-cos-general-type="widget" data-hs-cos-type="blog_subscribe">
<div id="hs_form_target_u4m-subscribe_blog_subscribe_1"></div>



</span>
    </div>  
  </div>
</section></div>
</main>


    
        <div id="hs_cos_wrapper_u4m-footer" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><footer class="u4m-footer">
  <div class="menu">
    <span id="hs_cos_wrapper_u4m-footer_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_u4m-footer_" class="hs-menu-wrapper active-branch no-flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="default" data-menu-id="51889433970" aria-label="Navigation Menu">
 <ul role="menu" class="active-branch">
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Products</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="header">Attack Surfaces:</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/product/endpoint-security-service" role="menuitem">Endpoints &amp; Server Security</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/product/container-security-solutions" role="menuitem">Containers &amp; Kubernetes</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/product/cloud-security-services" role="menuitem">Cloud Security</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="header">Open Source:</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/product/open-source-cloud-security-solutions" role="menuitem">Cloudquery</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/product/kubernetes-security-tools" role="menuitem">Kubequery</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/product/open-source-security-tools" role="menuitem">Osquery</a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Solutions</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="header">Category:</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/security-and-monitoring-for-cloud-workloads" role="menuitem">Cloud Workload Protection Platform</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/cloud-security-posture-management" role="menuitem">Cloud Security Posture Management</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/endpoint-detection-and-response" role="menuitem">eXtended Detection &amp; Response</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/it-asset-inventory" role="menuitem">Insight &amp; Inventory</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/it-security-compliance" role="menuitem">Audit, Compliance &amp; Governance</a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">_</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="header">Audit &amp; Compliance Frameworks:</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/fedramp-compliance" role="menuitem">FedRAMP</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/soc-type-2-compliance" role="menuitem">SOC-2</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/cis-compliance" role="menuitem">CIS</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/solutions/pci-compliance" role="menuitem">PCI</a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children active-branch" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Resources</a>
   <ul role="menu" class="hs-menu-children-wrapper active-branch">
    <li class="hs-menu-item hs-menu-depth-2 active active-branch" role="none"><a href="https://www.uptycs.com/blog" role="menuitem">Blog</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/resources" role="menuitem">Uptycs Resource Center</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/tools-and-integrations" role="menuitem">Tools &amp; Integrations</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/free-osquery-training-intro-to-osquery" role="menuitem">Osquery Tutorial</a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Company</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/about-us" role="menuitem">About Us</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/leadership" role="menuitem">Leadership</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/careers" role="menuitem">Careers</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/press-coverage" role="menuitem">Press &amp; News</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/contact-us" role="menuitem">Contact Us</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/security" role="menuitem">Security</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.uptycs.com/subject-access-request" role="menuitem">Subject Access Request</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="address">404 Wyman Street </span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="address">Suite 357</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="address">Waltham, MA 02451</span></a></li>
   </ul></li>
 </ul>
</div></span>
  </div>
  <div class="utility">
    <div class="image"><img loading="lazy" src="https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=360&amp;name=Uptycs%20Logo%20Navigation.png" width="360" alt="Uptycs Logo Navigation" srcset="https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=180&amp;name=Uptycs%20Logo%20Navigation.png 180w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=360&amp;name=Uptycs%20Logo%20Navigation.png 360w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=540&amp;name=Uptycs%20Logo%20Navigation.png 540w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=720&amp;name=Uptycs%20Logo%20Navigation.png 720w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=900&amp;name=Uptycs%20Logo%20Navigation.png 900w, https://www.uptycs.com/hs-fs/hubfs/Uptycs%20Logo%20Navigation.png?width=1080&amp;name=Uptycs%20Logo%20Navigation.png 1080w" sizes="(max-width: 360px) 100vw, 360px"></div>
    <div class="social">
      <a href="https://www.facebook.com/uptycs/" target="_blank" aria-label="Facebook"><img src="https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/fb-logo.png?width=72&amp;name=fb-logo.png" width="72" loading="lazy" srcset="https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/fb-logo.png?width=36&amp;name=fb-logo.png 36w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/fb-logo.png?width=72&amp;name=fb-logo.png 72w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/fb-logo.png?width=108&amp;name=fb-logo.png 108w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/fb-logo.png?width=144&amp;name=fb-logo.png 144w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/fb-logo.png?width=180&amp;name=fb-logo.png 180w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/fb-logo.png?width=216&amp;name=fb-logo.png 216w" sizes="(max-width: 72px) 100vw, 72px"></a>
      <a href="https://www.linkedin.com/company/uptycs/" target="_blank" aria-label="LinkedIn"><img src="https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/li-logo.png?width=72&amp;name=li-logo.png" width="72" loading="lazy" srcset="https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/li-logo.png?width=36&amp;name=li-logo.png 36w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/li-logo.png?width=72&amp;name=li-logo.png 72w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/li-logo.png?width=108&amp;name=li-logo.png 108w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/li-logo.png?width=144&amp;name=li-logo.png 144w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/li-logo.png?width=180&amp;name=li-logo.png 180w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/li-logo.png?width=216&amp;name=li-logo.png 216w" sizes="(max-width: 72px) 100vw, 72px"></a>
      <a href="https://twitter.com/uptycs?lang=en" target="_blank" aria-label="Twitter"><img src="https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/t-logo.png?width=72&amp;name=t-logo.png" width="72" loading="lazy" srcset="https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/t-logo.png?width=36&amp;name=t-logo.png 36w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/t-logo.png?width=72&amp;name=t-logo.png 72w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/t-logo.png?width=108&amp;name=t-logo.png 108w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/t-logo.png?width=144&amp;name=t-logo.png 144w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/t-logo.png?width=180&amp;name=t-logo.png 180w, https://www.uptycs.com/hs-fs/hubfs/uptycs-srw/t-logo.png?width=216&amp;name=t-logo.png 216w" sizes="(max-width: 72px) 100vw, 72px"></a>
      
      
    </div>
  </div>
  <div class="bottom">
    <div class="links"><span class="copyright">© Copyright 2022 </span><span class="utility"> | <a href="https://www.uptycs.com/uptycs-privacy-policy">Privacy Policy</a> </span></div>
  </div>
</footer></div>
    
    
    
<script>
(function () {
    window.addEventListener('load', function () {
        setTimeout(function () {
            var xhr = new XMLHttpRequest();
            xhr.open('POST', '/_hcms/perf', true /*async*/);
            xhr.setRequestHeader("Content-type", "application/json");
            xhr.onreadystatechange = function () {
                // do nothing.
            };
            var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
            function populateNetworkInfo(name, connection, info) {
                if (name in connection) {
                    info[name] = connection[name];
                }
            }
            var networkInfo = {};
            if (connection) {
                ['type', 'effectiveType', 'downlink', 'rtt'].forEach(function(name) {
                    populateNetworkInfo(name, connection, networkInfo);
                });
            }
            var perfData = {
                url: location.href,
                portal: 2617658,
                content: 83665485132,
                group: -1,
                connection: networkInfo,
                timing: performance.timing
            };
            xhr.send(JSON.stringify(perfData));
        }, 3000);  // Execute this 3 seconds after onload.
    });
})();
</script>


<script>
// Stick sharing
document.addEventListener('DOMContentLoaded', function() {

    var Sticky = new hcSticky('#share', {
      stickTo: '.u4m-blog-post',
      top: 100
    });
  
});
</script>

<script>
var hsVars = hsVars || {}; hsVars['language'] = 'en';
</script>

<script src="/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js"></script>
<script src="https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/scripts/jquery-3.5.1.min.js"></script>
<script src="https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/hubspot.search.min.js"></script>
<script src="https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/jquery.nb.offscreenMenuToggle.min.js"></script>
<script src="https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/aos3.min.js"></script>
<script src="https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified-assets/lazyload.min.js"></script>
<script src="https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/unified3/libraries/js.cookie.min.js"></script>
<script src="https://302335.fs1.hubspotusercontent-na1.net/hubfs/302335/hc-sticky.js"></script>
<script src="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/51822599800/1631654399539/module_51822599800_u4m-header.min.js"></script>
<script src="/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js"></script>

      <script>
          function newBreed() {
              console.log('Unified 4 by New Breed' + '\n' + '---' + '\n' + '- Domain = www.uptycs.com' + '\n' + '- Current URL = https://www.uptycs.com/blog/another-ransomware-for-linux-likely-in-development' + '\n' + '- URL Slug = blog/another-ransomware-for-linux-likely-in-development' + '\n' + '- Portal = 2617658' + '\n' + '---' + '\n' + 'Template' + '\n' + '- Name = blog-post.html' + '\n' + '- Category = normal_blog_post' + '\n' + '- Homepage? = false' + '\n' + '- Landing Page? = ');
          };
          newBreed();
      </script>
  

    <!--[if lte IE 8]>
    <script charset="utf-8" src="https://js.hsforms.net/forms/v2-legacy.js"></script>
    <![endif]-->

<script data-hs-allowed="true" src="/_hcms/forms/v2.js"></script>

  <script data-hs-allowed="true">
      hbspt.forms.create({
          portalId: '2617658',
          formId: '1e2854c3-ada5-486e-bd4e-f38fcabca144',
          formInstanceId: '1',
          pageId: '83665485132',
          region: 'na1',
          
          pageName: 'Another Ransomware For Linux Likely In Development',
          
          contentType: 'blog-post',
          
          formsBaseUrl: '/_hcms/forms/',
          
          
          inlineMessage: "<p>Thanks for subscribing!</p>",
          
          css: '',
          target: '#hs_form_target_u4m-subscribe_blog_subscribe_1',
          
          formData: {
            cssClass: 'hs-form stacked'
          }
      });
  </script>

<script src="https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/51823447380/1632234478653/module_51823447380_u4m-footer.min.js"></script>

<!-- Start of HubSpot Analytics Code -->
<script type="text/javascript">
var _hsq = _hsq || [];
_hsq.push(["setContentType", "blog-post"]);
_hsq.push(["setCanonicalUrl", "https:\/\/www.uptycs.com\/blog\/another-ransomware-for-linux-likely-in-development"]);
_hsq.push(["setPageId", "83665485132"]);
_hsq.push(["setContentMetadata", {
    "contentPageId": 83665485132,
    "legacyPageId": "83665485132",
    "contentFolderId": null,
    "contentGroupId": 5593128451,
    "abTestId": null,
    "languageVariantId": 83665485132,
    "languageCode": "en",
    
}]);
</script>

<script type="text/javascript" id="hs-script-loader" async defer src="/hs/scriptloader/2617658.js"></script>
<!-- End of HubSpot Analytics Code -->


<script type="text/javascript">
var hsVars = {
    ticks: 1662163295474,
    page_id: 83665485132,
    
    content_group_id: 5593128451,
    portal_id: 2617658,
    app_hs_base_url: "https://app.hubspot.com",
    cp_hs_base_url: "https://cp.hubspot.com",
    language: "en",
    analytics_page_type: "blog-post",
    analytics_page_id: "83665485132",
    category_id: 3,
    folder_id: 0,
    is_hubspot_user: false
}
</script>


<script defer src="/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js"></script>

<!-- Google Tag Manager (noscript) -->
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-P663XDQ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>

      <noscript>
        <img src="https://ws.zoominfo.com/pixel/6127ecc2d037650015c31617" width="1" height="1" style="display: none;">
      </noscript>
    

<!-- End Google Tag Manager (noscript) -->
<script src="https://my.hellobar.com/c42c9a8680c89010c1c5214aa9b2bbbca8b38118.js" type="text/javascript" charset="utf-8" async> </script>





</body></html>